19 matches found
CVE-2026-5465
The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.1.3. This is due to the UpdateProviderCommandHandler failing to validate changes to the externalId field when a Provider Employe...
EUVD-2026-19580
The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.1.3. This is due to the UpdateProviderCommandHandler failing to validate changes to the externalId field when a Provider Employe...
CVE-2026-5465
The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.1.3. This is due to the UpdateProviderCommandHandler failing to validate changes to the externalId field when a Provider Employe...
CVE-2026-5465
The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.1.3. This is due to the UpdateProviderCommandHandler failing to validate changes to the externalId field when a Provider Employe...
CVE-2026-5465 Amelia <= 2.1.3 - Insecure Direct Object Reference to Authenticated (Employee+) Privilege Escalation via 'externalId' Parameter
The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.1.3. This is due to the UpdateProviderCommandHandler failing to validate changes to the externalId field when a Provider Employe...
CVE-2026-5465 Amelia <= 2.1.3 - Insecure Direct Object Reference to Authenticated (Employee+) Privilege Escalation via 'externalId' Parameter
The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.1.3. This is due to the UpdateProviderCommandHandler failing to validate changes to the externalId field when a Provider Employe...
CVE-2026-5465
Summary (technical): The Amelia Booking for Appointments and Events Calendar WordPress plugin (versions ≤ 2.1.3) is affected by an Insecure Direct Object Reference (IDOR) in the UpdateProviderCommandHandler. The handler does not validate ownership when a Provider (Employee) user updates their pro...
WordPress Amelia plugin <= 2.1.3 - Insecure Direct Object Reference to Authenticated (Employee+) Privilege Escalation via 'externalId' Parameter vulnerability
Insecure Direct Object Reference to Authenticated Employee+ Privilege Escalation via 'externalId' Parameter vulnerability discovered by Osvaldo Noe Gonzalez Del Rio Os - krei.dev | ogbuilders.io in WordPress Plugin Amelia versions = 2.1.3...
WordPress plugin Booking for Appointments and Events Calendar – Amelia 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is a...
PT-2026-30799
Name of the Vulnerable Software and Affected Versions Amelia plugin for WordPress versions up to and including 2.1.3 Description The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is susceptible to Insecure Direct Object Reference. The UpdateProviderCommandHandler does...
SUSE CVE-2025-41115
SCIM provisioning was introduced in Grafana Enterprise and Grafana Cloud in April to improve how organizations manage users and teams in Grafana by introducing automated user lifecycle management. In Grafana versions 12.x where SCIM provisioning is enabled and configured, a vulnerability in user...
BIT-GRAFANA-2025-41115 Incorrect privilege assignment
SCIM provisioning was introduced in Grafana Enterprise and Grafana Cloud in April to improve how organizations manage users and teams in Grafana by introducing automated user lifecycle management. In Grafana versions 12.x where SCIM provisioning is enabled and configured, a vulnerability in user...
CVE-2025-41115
SCIM provisioning was introduced in Grafana Enterprise and Grafana Cloud in April to improve how organizations manage users and teams in Grafana by introducing automated user lifecycle management. In Grafana versions 12.x where SCIM provisioning is enabled and configured, a vulnerability in user...
CVE-2024-33453
Buffer Overflow vulnerability in esp-idf v.5.1 allows a remote attacker to obtain sensitive information via the externalId component...
CVE-2024-33453
Buffer Overflow vulnerability in esp-idf v.5.1 allows a remote attacker to obtain sensitive information via the externalId component...
CVE-2024-33453
Buffer Overflow vulnerability in esp-idf v.5.1 allows a remote attacker to obtain sensitive information via the externalId component...
CVE-2024-33453
Buffer Overflow vulnerability in esp-idf v.5.1 allows a remote attacker to obtain sensitive information via the externalId component...
ESP-IDF 安全漏洞
ESP-IDF is an Espressif open source development framework for Espressif SoCs supported on Windows, Linux and macOS. A security vulnerability exists in ESP-IDF version v.5.1, which stems from the presence of a buffer overflow vulnerability that could allow a remote attacker to obtain sensitive...
PT-2024-25269 · Espressif · Esp-Idf
Name of the Vulnerable Software and Affected Versions: esp-idf version 5.1 Description: A Buffer Overflow issue allows a remote attacker to obtain sensitive information via the externalId component. Recommendations: For esp-idf version 5.1, at the moment, there is no information about a newer...